7Static
static
7JaffaCakes...c0.exe
windows7-x64
7JaffaCakes...c0.exe
windows10-2004-x64
7$LOCALAPPD...ds.exe
windows7-x64
7$LOCALAPPD...ds.exe
windows10-2004-x64
7$PLUGINSDI...Ex.dll
windows7-x64
3$PLUGINSDI...Ex.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...ad.dll
windows7-x64
3$PLUGINSDI...ad.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...es.dll
windows7-x64
3$PLUGINSDI...es.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/Time.dll
windows7-x64
3$PLUGINSDIR/Time.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...ef.dll
windows7-x64
3$PLUGINSDI...ef.dll
windows10-2004-x64
3$PLUGINSDIR/mt.dll
windows7-x64
3$PLUGINSDIR/mt.dll
windows10-2004-x64
3$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
3FM4ffx.exe
windows7-x64
7FM4ffx.exe
windows10-2004-x64
7$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3
Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
15/01/2025, 16:42
Behavioral task
behavioral1
Sample
JaffaCakes118_5c7f6d6e11f4eb14a890fd8084669bc0.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_5c7f6d6e11f4eb14a890fd8084669bc0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Time.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Time.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/mt.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/mt.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20240729-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
FM4ffx.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
FM4ffx.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
General
-
Target
FM4ffx.exe
-
Size
314KB
-
MD5
a6ea8baf987c05383013259a3a96b221
-
SHA1
dc1f3df6abd8b9fa1a3d364e9021cd5f62590f9f
-
SHA256
d978712e92d634c150493e35f7dab39483559350914c1a302c0b2c0aaf1c47a3
-
SHA512
0e6200677efff5a9e2babd8ebac1aba3c32a1f4de0251ba2036b6bd0996170777de40ba5df6e933e0b89fbdf8cc4709d09cd077016c83018d9e338a37b63b277
-
SSDEEP
6144:He34G2cYkBUQf/5yT2x/lN4VOejFepSBmiBmXOf4b2EDGwyo:WY6fRym/lNcjFeMmymXOAK2
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs
pid Process 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe 3028 FM4ffx.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language FM4ffx.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
595B
MD5 abcfdc6cfdb17f543e0ac433394bada7
SHA1 ca561a3814bd5c380abea0f76a6450e958b74654
SHA256 d1d7b36fbd079a76db4bc42e0fa27bea77428a32802417691151dd1eb18a6b6b
SHA512 19f5e9a51a7fe12a190db6b1f99e508b8d03d88bf8dbaf11ba0db17c84dadada384315017fba41dde58cc7369fec61342e0849f47ce9f1fa5ea824100f019228
-
Filesize
771B
MD5 1da0df55aa5147b962024730e8fda687
SHA1 7bfcd8c8e5fb1a23d49bf3e4575dc9b6b022c377
SHA256 09dd86231540764ed0c64214366f297a9b4b431d488a26f265e6e926d3cb1c30
SHA512 78106806fa6f7a07565a3b8d1e84eb076dbbe1cd1a61ef57123e3b95e0153e27584490a6b02122db5271e9e582b0b956ee243c1af889dfbd9379ba69c4155884
-
Filesize
927B
MD5 99276dafb9454a3111f145251709144c
SHA1 932eb24e55565cb7699278cdc3c75976e835aaad
SHA256 f5affe255dffae659cbd6dde9b0ba3f7d9931ef72727f6ed9a9372e92e29ad34
SHA512 7a129343c75f9dd015d75444e32c104cb3e710986c4a1c490a9e43b768f74a7459d0cc25c2d6edfe085aac7d364c81aa3d53fccde47c29292234c308fb83e131
-
Filesize
290B
MD5 50a304f854d280d8cbf9891a23897ed9
SHA1 371c3b8c67265abf507d28d76bc159af9a1a3edb
SHA256 d3cc1ded3dfc6fa1c8bac9bc175f695f12d48ee3a6bcd8defc643075712bde97
SHA512 63a6e9b44fa19c479719e7f1c13c85cdc91a7adf210924880232cd754140259d4b437c3684a18afee70099b0a4166d59abac3213e4cc0e9c9b55e983b134df54
-
Filesize
345B
MD5 86d36fc714b08cd9c8867d386705dca8
SHA1 171026e987ee425fa37724041d0a8eed13cd836c
SHA256 a6d859c3854093cce6cedb105bee52784203f3dff42d081a6fc684fbfdf89ee9
SHA512 04cdcac851ac5ef5aa0c29fcf7c4ac51871d9e68b3a2129cfe108b7e6f3dd741916fab971ef7f70790cd877622d393232dd62798c981f63efadc8726c0d04733
-
Filesize
659B
MD5 82c7e0e70d064491fad74a736f78dfa1
SHA1 792298c6355926cf86d7edf44f1fe97456402fbd
SHA256 2755137ca859bfab7389694be42dbf124eab3827c310271044aeebb4aca2d725
SHA512 0f1edcbc930c43adb0deceb0dd7f9b99652ea705f89cabfda1486015f777233d7e2392587cf2e503a3895fac626f52caa130eca1126b22b29a1f8658d475a5c2
-
Filesize
822B
MD5 67bdb6e5fd9fe8f9ad74c9cd1f318674
SHA1 6a46b660258c366532289f29cbc72463308b6ddf
SHA256 bf915aef1e1d6747163b233dbac1b0fbe7704c05cc941dc5879c3d1ff2fc343d
SHA512 1671d0811ad1b43ef2ad7936547560794a3fd819ecae5c8dd5f0bdf7aadc0004d9be8aa7c2b447514e6d2ef0f32d799a775546063eb865bd744db29f245d1d53
-
Filesize
776B
MD5 9d902f232320f460fd38ed523397e1ea
SHA1 34bf2740c3e61715fdaba503771aca292184fe3f
SHA256 117e36f2e4a2bce84c20603cc9e60680d8952f9d7a9619c4a318fd17b772f847
SHA512 afdabce0debf13217e63193390e1fd3ecfa03679343d5f84daabc337a4bdeb490739871cdd0b1c6f10aaf0a619a84eaa963549ad374162dd32599ab13d98afb0
-
Filesize
1KB
MD5 a1ce1651f54d92d7f048bb75579f8210
SHA1 dd96fc611b4ff6e40fcc6c2a90ac10c39cc91096
SHA256 b0e4d99d2447f5949449eae33044647aebffc4f33135bd6bf1c17dab8f47568c
SHA512 77fa6330048030b13170dc980f61f88a6fc6d0a71d0edcdf1ddf6058f8b1d6117bdc78b71aa17d01398071aee300e84ceb842271d5a52e73656a7a8ca569a77e
-
Filesize
105B
MD5 d66b7c36887a3a1f869cd8b637cc43b6
SHA1 2e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db
SHA256 d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45
SHA512 155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8
-
Filesize
181B
MD5 c42ac66e65b412612edb71a328403241
SHA1 4461abd35d83f1c35460c8594055635ae41ff585
SHA256 949f7631b32975077cbdec0aa2f5e89515236493811761f4ae9104d5368cc859
SHA512 dd8cd0b46fbf90d1954174eab59fb63734dc1e840aa3786ae1579ee8ef90b5c8a5dfbe0c7cd0b5518a3dbed22eb00f77bd8d8e1cff6c0ba43af257486b06dda8
-
Filesize
236B
MD5 312669ce514b8bc32bb714105ed7aef7
SHA1 33c38cf50d1537fac6ba4fc52d5630fef5b48b33
SHA256 bd15ca594d081e2792a821ca2fce6aa065664e4a885d545c7087b17984da88af
SHA512 d08d27e15a3bd6bfe3ee3236a478a15776786fe042f6eb01958a011eb15cf8c9b6c32306eee9635e608235ca0e16f471792518d06e79abeb1f8f4ea2f2876e3e
-
Filesize
431B
MD5 c4b8833c291dcbfaf8fcf9208c7e231f
SHA1 d4810343d6fa4698302557fbedbd23c5d5b45730
SHA256 e6a5617414e2ba41120a626843d5918c5613cd87c54b8eac6d0faf147ef0c1c7
SHA512 319c3f225a75754f1a5cdcc90abc563e4b0d4f12a337c23107ff8d6c54be62c07b3a664fd687f5fa1fb3f69b3984c2f3a47684d0c842d2c699d8f95c37e2063a
-
Filesize
409B
MD5 44a1caae3ae6b7927ed06b79b433bca1
SHA1 e1b217373ca90f05aa96ef304d614503512e4314
SHA256 2853f85c31b515f1e3a3e1a5c3dfd2f38a10f9f6f85f9ec7af53b97507b0eeb2
SHA512 2b95ef6879811107a5620eb478d678d51341dd701cd316317a34953c256ab06b148dc5fa23edd16d11dadd60280fd75b0960fd5d16021c9f0bc5f154a572d66a
-
Filesize
540B
MD5 c6eda8e55f8669828ce84830dceac5af
SHA1 da90cc768a6d7bd7bd2507a2f572aee2a48b3a65
SHA256 e4ebc6e7a465221d9fa549c61020409c43b7bcd4c5315f59155654d906a92c83
SHA512 1f21107d269fe4e3d35ba431a7b8414b2b8f57edda4987d3969d561e2c96951ed727ddc4aa3c9df2285edd25f0b593171fd02bbc5178cedb0c99bfc5b2d2f3b9
-
Filesize
716B
MD5 4a2d448c0be622b9ff918c5352d52948
SHA1 102a8c68eeab088fbcf50430e9ef401f655ecdd9
SHA256 a0c357cf390c150fae4aa8fade08b88221f1fad9c46a4e03ec5e840febf11921
SHA512 d9a4198de4e8ea8914c8d544de708628bec6cfdae7e91e7a82bf436136c9bb65aa0d152d85a4cf5f284fc49445c6000d83eb5283d617b6fdaa23beb9a11983aa
-
Filesize
977B
MD5 e65ac0d92a12719ebd70eb64dc3c9db9
SHA1 e27bb357c3c451964702fbfa447e3f5e97a5d8ea
SHA256 2e84bc04e4803dfdfe64345de6d536b75dda1680bec617f0eaaee1547c41cc82
SHA512 0cbc5e2bfb6436aa07dd9fc036dda5a127d002ea9063c4ff2088278be2398e558b69240696d3908181f501eb4d4edde2832b0382304ca471fdb189dac003f93c
-
Filesize
521B
MD5 e14d5067a2f09b8a6356b09356d41a94
SHA1 013b1260dc29f5b6e022ba2dac6dd011b5be390a
SHA256 1d1aa82d8cc2cea6e90b19977f96463718e02cdee3c17294ad809890aba0d5ac
SHA512 6079f1dbd241b88d14bbeb0bbf4dd79016e4133f0178a5ee992eaebe2b04b17027b923797594146193076789d38adeeb58b9e82f1c2c64997c2138554c2420c3
-
Filesize
727B
MD5 0433d4170f1e241cb8bbd4388fb9ae3d
SHA1 a2dc940d7c63cf66737931f8d96e73e992d1de78
SHA256 cd19e7f5492b496e5dd100e0b5962db42d5de505b25f5e3af3082c7a291c0608
SHA512 34c8cffb4130338fd2d173b59c142b986b5b7617fbca8a2640939e0c4bc9619930d744e8d65fcd8ddbd1daa9c0ff1151cfe3d238385305aabb440ce1d018288d
-
Filesize
11KB
MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
10KB
MD5 38977533750fe69979b2c2ac801f96e6
SHA1 74643c30cda909e649722ed0c7f267903558e92a
SHA256 b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512 e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
5KB
MD5 aac69f856c4540edd4ef7ce6c8571639
SHA1 2860f55ea9774d631219e66604051e90a43258b7
SHA256 6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
SHA512 ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd
-
Filesize
5KB
MD5 69806691d649ef1c8703fd9e29231d44
SHA1 e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256 ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA512 5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb